Anonymity services/networks like Tor, VPNs that don't log etc., seem like very double edged swords. Is there any way to prevent people with bad intentions (like breaking the law) from using them or ...

Let's say I am browsing the Internet using Tor - visiting https://example.com/login.php - and the NSA is operating the Tor exit node which I am currently routed to use.
Can that NSA exit relay swap ...

A couple months earlier, I made the mistake of downloading some software over an insecure wireless network and running it without checking its integrity. I am now considering reinstalling my system, ...

In addition to the fact that encryption systems like PGP are notoriously difficult to use, and that encryption doesn't always jive with cloud-based services like webmail, the fact is that most people ...

while using google's phone verification code system, i have noticed that google phone verification code is always 6 digits
cant it be brute forced for randomly generating the 6 digits?is it there any ...

Is it considered bad practice to use the same password on separate sites, if so why? Even if the passwords to a site are compromised the attacker still doesn't know the user names or sites the same ...

Suppose my smartphone has been compromised and there is malicious software running on it. You can assume that the malicious software has broken out of any sandboxes and is running as root.
If I'm on ...

IS there websites and places where you can download all types of malware that you can run and test the security setup of your system?
I am currently playing around with UAC+EMET4+MSE and would like ...

TRIKE is an open source threat modeling methodology and tool, as presented by the authors. After i tried several threat modeling tools and methodologies, I have the feeling that it is the only real ...

I'm working on creating a program ("My Program") that will communicate with another program ("Their Program") via XML commands over a raw TCP/IP connection. Their program allows files to be written to ...

I have several datacentres and now I want to plan security for it, so it's resilient to external attacks.
I need to make a security model which will cover my web servers, auth servers, log servers, ...

I have been involved with developing threat models for several software products and features, and I'd like to formalize this process a little bit and create some documentation for my company's devs. ...

As continuing research in Secure Software Development, I found the OWASP Top 10 project list Technical Impact such as:
https://www.owasp.org/index.php/Top_10_2010-A1
Similarly, CAPEC list impact in ...

While there is a vast trove of vulnerabilties, threats and their corresponding countermeasures, the amount of information on Infosec Economics (Specifically for web applications) seems scarce.
What ...

Is there a website with the ability to search through viruses that will return detailed information on them? I can't seem to find one and I'm tired of only getting forums when I search for a specific ...

I'm developing a big project to monitor a remote machine's performance parameters like CPU, memory, disk space, and etc. through C# WMI. I want to use the minimum possible credentials to connect the ...

Looking for a formula and parameters to feed it that will aid in the isolation of relationships within a system when the origin and cause of an exploit within it is unknown. Here's an example of an ...

We're a small company and we do not have resources that we can dedicate to heavyweight threat modeling. However, if we could find a threat modeling framework that was pretty lightweight I think there ...

I am trying to learn more about attack graphs and how they can be used. I have read a little bit about them from some simple Google searches and believe that they could be a useful tool for work. I ...